When you create a network where numerous machines are deployed, security is of paramount concern. With IDS/IPS, you can detect attacks. This detection adds a security layer to all communications and cordons off your systems from unwanted intrusions or attacks. You can also take actions such as blocking the attacker’s IP address for a certain time and sending an alert message to the administrator.
Note
The IDS/IPS feature is available only on clients running Microsoft Windows.
You can create different policies with varying IDS/IPS settings and apply them to the groups so that each has separate policies based on the requirement.
Configuring IDS/IPS
To configure a policy for IDS/IPS, follow these steps:
- Create a Container/feature policy for IDS/IPS.
- In the Host IDS/IPS section, enable IDS/IPS Rules by selecting the check box. By default, this option is selected.
- Select the Detect Port Scanning Attack check box, if required.
- Select the Detect DDOS (Distributed Denial of Service) Attack check box, if required.
- From the following options, select an action to be performed when an attack is detected:
  - Block Attackers IP for … Minutes. By default, this option is selected and set to 5 minutes. Select a different time, if required.
  - Display alert message when attack is detected. This option helps you to take an appropriate action when an attack is detected.
- To save your settings, click Save Policy.
Importantly, if you have customized the settings and later you want to revert to the default settings, click the Reset Default button.
Customizing Port Scanning
You can customize settings for Detect Port Scanning Attack as follows:
- On the IDS/IPS policy page, select the Detect Port Scanning Attack check box.
  The Customize link gets enabled.
- Click the Customize link.
  The Settings – Port Scanning dialog appears.
- Select one of the following levels:
  - Soft: Detect attack if many ports are scanned
  - Normal: Detect attack if multiple ports are scanned
  - Strict: Detect attack if few ports are scanned
  - Custom: Helps you customize the number of scanned ports and attack duration.
- To exclude an IP address you do not want to be scanned, click Add in the Excluded IP Addresses section.
- On the Add IP Address screen, type an IP Address or IP range and then click OK.
- To exclude a port that you do not want to be scanned, click Add from the Excluded Ports section.
- On the Add Port screen, type a Port or Port range and then click OK.
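To make the Custom level concrete, the following added example (not the product's code or its actual detection algorithm) models a detector driven by the parameters this dialog exposes: number of scanned ports, attack duration, excluded IP addresses and ports, and the block time. The class name, thresholds and sample events are assumptions constructed for illustration, and IP ranges are assumed to be written in CIDR form.

```python
import ipaddress
from collections import defaultdict, deque


class PortScanDetector:
    """Hypothetical model: alert when one source touches max_ports distinct
    ports within window_s seconds, then block it for block_minutes."""

    def __init__(self, max_ports, window_s, block_minutes=5,
                 excluded_ips=(), excluded_ports=()):
        self.max_ports, self.window_s = max_ports, window_s
        self.block_s = block_minutes * 60
        # A single address becomes a /32 (or /128) network.
        self.excluded_nets = [ipaddress.ip_network(n, strict=False)
                              for n in excluded_ips]
        self.excluded_ports = set(excluded_ports)
        self.seen = defaultdict(deque)   # source -> (timestamp, port) pairs
        self.blocked_until = {}          # source -> time the block expires

    def observe(self, ts, src, dst_port):
        """Classify one connection attempt as 'ok', 'alert' or 'blocked'."""
        if self.blocked_until.get(src, 0) > ts:
            return "blocked"
        addr = ipaddress.ip_address(src)
        if dst_port in self.excluded_ports or any(
                addr in net for net in self.excluded_nets):
            return "ok"                  # exclusions never count toward a scan
        window = self.seen[src]
        window.append((ts, dst_port))
        while window and window[0][0] <= ts - self.window_s:
            window.popleft()             # forget attempts older than the window
        if len({port for _, port in window}) >= self.max_ports:
            self.blocked_until[src] = ts + self.block_s
            window.clear()
            return "alert"
        return "ok"


def replay(events, detector):
    """Feed (timestamp, source, port) tuples through the detector in order."""
    return [detector.observe(*event) for event in events]


# Constructed sample events: (seconds, source IP, destination port)
SAMPLE = [
    (0, "10.0.0.9", 21), (1, "10.0.0.9", 22), (2, "10.0.0.9", 23),
    (3, "10.0.0.9", 25),       # 4th distinct port inside the window
    (4, "10.0.0.9", 80),       # arrives while the source is blocked
    (5, "192.168.1.50", 21), (6, "192.168.1.50", 22),
    (7, "192.168.1.50", 23), (8, "192.168.1.50", 25),  # excluded range
    (400, "10.0.0.9", 443),    # block has expired by now
]
```

A lower `max_ports` or a longer `window_s` corresponds to a stricter level: fewer scanned ports are enough to raise the alert, at the cost of more false positives from hosts that are not in the exclusion lists.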
Customization for Distributed Denial of Service
You can customize settings for Detect DDOS (Distributed Denial of Service) Attack as follows:
- On the IDS/IPS policy page, select the Detect DDOS (Distributed Denial of Service) Attack check box.
  The Customize link gets enabled.
- Click the Customize link.
  The Settings – Denial of Service dialog appears.
- Select one of the following levels:
  - Soft: Detect attack if many attacks are detected
  - Normal: Detect attack if multiple attacks are detected
  - Strict: Detect attack if few attacks are detected
  - Custom: Helps you customize the number of attack sources and attack duration.
- To exclude an IP address that you do not want to be scanned, click Add in the Excluded IP Addresses section.
- On the Add IP Address screen, type an IP Address or IP range and then click OK.
- To exclude a port that you do not want to be scanned, click Add in the Excluded Ports section.
- On the Add Port screen, type a port or port range and then click OK.